1. Home
  2. Vulnerabilities
  3. CVE-2010-1121

CVE-2010-1121

CVSS v2.0 10 (High)
100% Progress
EPSS 23.91 % (97th)
23.91% Progress
Affected Products 1
Advisories 12
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2010-03-25 21:00:01
(14 years ago)
Updated Date
2017-09-19 01:30:34
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.6 cpe:2.3:a:mozilla:firefox:3.6
  Mozilla Firefox 3.6.1 cpe:2.3:a:mozilla:firefox:3.6.1
  Mozilla Firefox 3.6.2 cpe:2.3:a:mozilla:firefox:3.6.2